AWS Evangelist and reluctant friend-of-the-newsletter ("AHH! STOP CALLING ME THAT! WE'RE NOT FRIENDS!") Randall Hunt is leaving sunny Los Angeles to go spend more time with his Cloud in Seattle, writing blog posts. We'll miss him on the speaking circuit, but enjoy being able to read his work over our morning coffee.

This week has me in Denver for DevOps Days Rockies where I'm giving two talks, followed by a fun event on Thursday where I talk about the Myth of Cloud Agnosticism at the Boulder Kubernetes Meetup. If you're in the greater Denver area, stop by / hit reply and let me know you're around. I'll have Last Week in AWS stickers for you.

The application of Lambda functions to fight back against lazy GitHub practices is a great idea, and is likely to replace my current model of "screaming at people when they get it wrong."

Ken Hui goes into depth on a first look at AWS Secrets Manager. I've heard a fair bit of shade being thrown at it over the past week, so let me be very clear: if you've already got Vault / Chamber / SSM/Parameter Store / something else up and working for you, terrific-- AWS Secrets Manager isn't for you. It's for folks who don't want to spend a month or six of engineering time to securely manage passwords and such.

I find the idea of deleting old tweets with Lambda to be interesting. In my case, it's not for privacy protections or other high-minded reasons, but because most of my old tweets are garbage.

An interesting take on Lessons Learned using AWS Lambda as Remediation System. I take some issue with a few of the caveats pointed out, but overall it's not only a great dive into how to use Lambda in the real world for an interesting use case, but also a look at how folks outside of the Serverless bubble perceive these platforms.

Holy crap. If I told you to put this newsletter down right now and add a wildcard domain to all of your CloudFront distributions immediately, would you think I was out of my tree? What if I told you it was a severe security issue?

Amazon has significantly expanded their Best Practices page for DynamoDB (motto: "It's not a database, despite the name!"). There are some handy tidbits here if you're using that particular datastore.

A well written introduction to managing AWS with Terraform. If you're curious about managing your environment via infrastructure as code, but are too embarrassed to ask how that can be done, this is a great onramp.

A great dive into a service that I maintain most folks aren't paying enough attention to-- AWS Greengrass.

On the one hand, I find that Lambda cost optimization articles explore interesting areas. On the other, most folks I talk to aren't seeing Lambda as being sufficiently large as a percentage of their bill to be worth an optimization deep dive yet.

Werner Vogels reflects on 10 years of compartmentalization at AWS. Unfortunately, from where I sit, it's got more to do with technical compartmentalization of things like Availability Zones, and less to do with the organizational compartmentalization that leads to entire services being launched without CloudFormation support.

Werner Vogels pontificates on the "why" behind Fargate. I'm not sure I agree with him entirely, but it's at least a glimpse into how AWS leadership sees these things.

Using Fargate and Kubernetes together is a fascinating idea; "burst capacity" to Fargate while your EC2 nodes spin up and configure is also a really neat concept.

As much fun as it is to poke fun at the machine learning hype, Slalom customer Veripad uses SageMaker to identify fake prescription drugs. This isn't just life-changing-- it's life-saving in many parts of the world. I'm very interested in similar use cases if anyone sees any.

Amazon ECS provides ECS-Optimized AMI metadata via SSM Parameters - Scratching beneath the surface of that meaningless headline, what it means is that you can tell AWS to spin up an ECS cluster using, in plain English, "the latest AMI for that workload." Virtually every shop out there has a pile of code to identify which AMI to use; this hints at a brighter future of being able to just say "use the one I've blessed."

AWS Glue now supports Timeout Values for ETL jobs - Wait. People have been complaining about Lambda's hard limit of 300 seconds for a while now, but Glue would cheerfully run stuck jobs until the earth crashed into the sun? Who can keep up with all of this?!

Tools

This handy tool removes the wordy crap from your CloudWatch logs. Be careful-- it'll blow away things you care about if you're not judicious with it. You may wish to consult with your compliance people.

awless had a new version come out last week. It's worth a gander if you appreciate things like offline support for queries, useful ssh wrappers, and other treats that the official awscli doesn't support.

...and that's what happened Last Week in AWS.

I’m Corey Quinn. I help people significantly reduce and understand their AWS bills and speak broadly on the conference circuit. I advise companies doing interesting things in the cloud space, such as ReactiveOps.

If you've enjoyed reading this, tell your friends about it and have them sign up at lastweekinaws.com (or post a link in your company Slack team!). As always, if you've seen a blog post, a tool, or anything else AWS related that you think the rest of the community should hear about, send it my way. You can either hit reply-- or join the #lastweekinaws channel on the og-aws Slack team.